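def download_ocsp_response_cache(url):
    """
    Downloads OCSP response cache from Snowflake.

    Fetches ``url`` with a short-lived ``requests`` session (``HTTPAdapter``
    with up to 5 transport-level retries, 10 second socket timeout) and, on
    HTTP 200, hands the JSON body to ``_decode_ocsp_response_cache`` which
    fills a fresh dict.

    The download is best-effort: a non-200 status, an undecodable body
    (``ValueError``/``binascii.Error``) or any other exception is logged at
    DEBUG and swallowed, and the dict built so far is returned. An empty
    dict therefore means "nothing cached"; callers fall back to the OCSP
    responder itself.

    :param url: URL of the OCSP response cache server.
    :return: dict filled by ``_decode_ocsp_response_cache`` (possibly empty;
             possibly partially filled if decoding failed midway -- depends
             on the helper, not verified here).
    """
    logger = getLogger(__name__)
    ocsp_validation_cache = {}
    import binascii
    try:
        with requests.Session() as session:
            session.mount('http://', HTTPAdapter(max_retries=5))
            session.mount('https://', HTTPAdapter(max_retries=5))
            response = session.request(
                method=u'get',
                url=url,
                timeout=10,  # socket timeout: a stalled cache server must not block the caller
                verify=True,  # for HTTPS (future use)
            )
            if response.status_code == OK:
                try:
                    _decode_ocsp_response_cache(
                        response.json(), ocsp_validation_cache)
                except (ValueError, binascii.Error) as err:
                    # The body is remote input; a corrupt cache is not fatal.
                    logger.debug(
                        'Failed to convert OCSP cache server response to '
                        'JSON. The cache was corrupted. No worry. It will '
                        'validate with OCSP server: %s', err)
            else:
                logger.debug(
                    "Failed to get OCSP response cache from %s: %s",
                    url, response.status_code)
    except Exception as e:
        # Deliberately broad: a cache download problem must never fail the
        # connection; the OCSP responder is still consulted.
        logger.debug(
            "Failed to get OCSP response cache from %s: %s", url, e)
    return ocsp_validation_cache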
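def execute_ocsp_request(ocsp_uri, cert_id, proxies=None, do_retry=True):
    """
    Executes OCSP request for the given cert id

    Builds an unsigned, nonce-less ``OCSPRequest`` around ``cert_id``,
    DER-encodes it and POSTs it to ``ocsp_uri`` as
    ``application/ocsp-request``. Each HTTP attempt uses a 60 second
    timeout and an ``HTTPAdapter`` with up to 5 transport-level retries. A
    non-200 status is retried with exponential back-off (1, 2, 4, 8, then
    16 seconds) for up to 100 attempts when ``do_retry`` is true, which can
    keep the caller waiting for roughly 25 minutes against a persistently
    failing responder.

    :param ocsp_uri: OCSP responder URL.
    :param cert_id: value stored in the request's ``reqCert`` field
                    (presumably a pyasn1 ``CertID`` -- confirm with caller).
    :param proxies: optional ``requests`` proxies mapping.
    :param do_retry: when false a single attempt is made.
    :return: raw body of the last HTTP response. This is returned even when
             every attempt failed (an error is logged), so the caller must
             validate it as a DER ``OCSPResponse`` rather than trust it.

    Exceptions raised by ``requests`` (connection errors, timeouts) are not
    caught here and propagate to the caller; only HTTP status failures are
    retried.
    """
    logger = getLogger(__name__)

    request = Request()
    request['reqCert'] = cert_id
    request_list = univ.SequenceOf(componentType=Request())
    request_list[0] = request
    tbs_request = TBSRequest()
    tbs_request['requestList'] = request_list
    tbs_request['version'] = Version(0).subtype(
        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
    ocsp_request = OCSPRequest()
    ocsp_request['tbsRequest'] = tbs_request
    # no signature for the client
    # no nonce is set, because not all OCSP responders implement it yet;
    # without a nonce a replayed, still-valid response cannot be told apart
    # from a fresh one, so the caller's validity-window checks are what
    # bound replay.

    # transform objects into data in requests
    data = der_encoder.encode(ocsp_request)
    parsed_url = urlsplit(ocsp_uri)
    max_retry = 100 if do_retry else 1
    # NOTE: This retry is to retry getting HTTP 200.
    headers = {
        'Content-Type': 'application/ocsp-request',
        'Content-Length': '{0}'.format(len(data)),
        'Host': parsed_url.hostname,
    }
    logger.debug('url: %s, headers: %s, proxies: %s',
                 ocsp_uri, headers, proxies)

    with requests.Session() as session:
        session.mount('http://', HTTPAdapter(max_retries=5))
        session.mount('https://', HTTPAdapter(max_retries=5))
        for attempt in range(max_retry):
            response = session.post(
                ocsp_uri,
                headers=headers,
                proxies=proxies,
                data=data,
                timeout=60)
            if response.status_code == OK:
                logger.debug("OCSP response was successfully returned")
                break
            if attempt + 1 < max_retry:
                # Exponential back-off capped at 16s. Not done after the
                # final attempt: nothing follows the sleep, it only delayed
                # the return.
                wait_time = min(2 ** attempt, 16)
                logger.debug("OCSP server returned %s. Retrying in %s(s)",
                             response.status_code, wait_time)
                time.sleep(wait_time)
        if response.status_code != OK:
            # Logged exactly when the last attempt failed, independent of
            # whether retries were enabled.
            logger.error("Failed to get OCSP response after %s attempt.",
                         max_retry)
    return response.content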
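def execute_ocsp_request(ocsp_uri, cert_id, proxies=None, do_retry=True):
    """
    Executes OCSP request for the given cert id

    Builds an unsigned, nonce-less ``OCSPRequest`` around ``cert_id``,
    DER-encodes and base64-encodes it, and issues an HTTP GET. The target
    is either ``SF_OCSP_RESPONSE_CACHE_SERVER_RETRY_URL_PATTERN`` (a
    module-level format string taking the responder hostname and the base64
    request) when that is set, or ``<ocsp_uri>/<base64 request>``. Each
    attempt uses a 60 second timeout and an ``HTTPAdapter`` with up to 5
    transport-level retries. A non-200 status is retried with exponential
    back-off (1, 2, 4, 8, then 16 seconds) for up to 100 attempts when
    ``do_retry`` is true, which can keep the caller waiting for roughly 25
    minutes against a persistently failing responder.

    :param ocsp_uri: OCSP responder URL.
    :param cert_id: value stored in the request's ``reqCert`` field
                    (presumably a pyasn1 ``CertID`` -- confirm with caller).
    :param proxies: optional ``requests`` proxies mapping.
    :param do_retry: when false a single attempt is made.
    :return: raw body of the last HTTP response. This is returned even when
             every attempt failed (an error is logged), so the caller must
             validate it as a DER ``OCSPResponse`` rather than trust it.

    Exceptions raised by ``requests`` (connection errors, timeouts) are not
    caught here and propagate to the caller; only HTTP status failures are
    retried.
    """
    logger = getLogger(__name__)

    request = Request()
    request['reqCert'] = cert_id
    request_list = univ.SequenceOf(componentType=Request())
    request_list[0] = request
    tbs_request = TBSRequest()
    tbs_request['requestList'] = request_list
    tbs_request['version'] = Version(0).subtype(
        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
    ocsp_request = OCSPRequest()
    ocsp_request['tbsRequest'] = tbs_request
    # no signature for the client
    # no nonce is set, because not all OCSP responders implement it yet;
    # without a nonce a replayed, still-valid response cannot be told apart
    # from a fresh one, so the caller's validity-window checks are what
    # bound replay.

    # transform objects into data in requests
    data = der_encoder.encode(ocsp_request)
    b64data = b64encode(data).decode('ascii')
    # NOTE(review): RFC 6960 Appendix A.1 describes the GET form as the
    # URL-encoding of the base64 request; '+', '/' and '=' are passed
    # through unescaped here -- confirm the responder and cache server
    # accept that before relying on it.
    if SF_OCSP_RESPONSE_CACHE_SERVER_RETRY_URL_PATTERN:
        parsed_url = urlsplit(ocsp_uri)
        target_url = SF_OCSP_RESPONSE_CACHE_SERVER_RETRY_URL_PATTERN.format(
            parsed_url.hostname, b64data)
    else:
        target_url = u"{0}/{1}".format(ocsp_uri, b64data)

    max_retry = 100 if do_retry else 1
    # NOTE: This retry is to retry getting HTTP 200.
    logger.debug('url: %s, proxies: %s', target_url, proxies)

    with requests.Session() as session:
        session.mount('http://', HTTPAdapter(max_retries=5))
        session.mount('https://', HTTPAdapter(max_retries=5))
        for attempt in range(max_retry):
            response = session.get(target_url, proxies=proxies, timeout=60)
            if response.status_code == OK:
                logger.debug("OCSP response was successfully returned")
                break
            if attempt + 1 < max_retry:
                # Exponential back-off capped at 16s. Not done after the
                # final attempt: nothing follows the sleep, it only delayed
                # the return.
                wait_time = min(2 ** attempt, 16)
                logger.debug("OCSP server returned %s. Retrying in %s(s)",
                             response.status_code, wait_time)
                time.sleep(wait_time)
        if response.status_code != OK:
            # Logged exactly when the last attempt failed, independent of
            # whether retries were enabled.
            logger.error("Failed to get OCSP response after %s attempt.",
                         max_retry)
    return response.content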
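def get_session(self):
    """
    Return the lazily-created ``requests`` session for this client.

    On first use a session is built from ``self._session_kwargs``, an
    ``Authorization: Bearer <token>`` header is set from
    ``self.get_oauth2_token()``, and one ``HTTPAdapter`` configured with
    ``self.retry_policy`` is mounted for ``http://`` and ``https://``.
    The session is cached in ``self._session`` only once it is fully set
    up: if ``get_oauth2_token()`` (or the adapter setup) raises, nothing is
    cached and the next call starts over, instead of serving a session that
    lacks the bearer header and retry adapters.

    Later calls return the cached session unchanged, so the token captured
    at creation time is reused for the session's lifetime.

    NOTE(review): stock ``requests.Session()`` accepts no keyword
    arguments; this assumes ``requests`` here is a module whose
    ``Session`` does, or that ``_session_kwargs`` is empty -- confirm.
    """
    if self._session is not None:
        return self._session
    session = requests.Session(**self._session_kwargs)
    # Fetch the token before publishing the session so a failure here
    # cannot leave a half-initialised session behind.
    session.headers.update(Authorization="Bearer " + self.get_oauth2_token())
    adapter = HTTPAdapter(max_retries=self.retry_policy)
    session.mount('http://', adapter)
    session.mount('https://', adapter)
    self._session = session
    return self._session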
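def download_ocsp_response_cache(url):
    """
    Downloads OCSP response cache from Snowflake.

    Fetches ``url`` with a ``requests`` session (``HTTPAdapter`` with up to
    5 transport-level retries, 10 second socket timeout) and, on HTTP 200,
    hands the JSON body to ``_decode_ocsp_response_cache`` which fills the
    module-level ``OCSP_VALIDATION_CACHE``. A non-200 status or an
    undecodable body (``ValueError``/``binascii.Error``) is logged at INFO
    and otherwise ignored. Exceptions raised by ``requests`` (connection
    errors, timeouts) are not caught and propagate to the caller.

    :param url: URL of the OCSP response cache server.
    :return: None
    """
    import binascii
    logger = getLogger(__name__)
    with requests.Session() as session:
        session.mount('http://', HTTPAdapter(max_retries=5))
        session.mount('https://', HTTPAdapter(max_retries=5))
        # requests has no default timeout; without one a stalled cache
        # server blocks the caller indefinitely.
        response = session.get(url, timeout=10)
        if response.status_code == OK:
            try:
                _decode_ocsp_response_cache(
                    response.json(), OCSP_VALIDATION_CACHE)
            except (ValueError, binascii.Error) as err:
                # The body is remote input; a corrupt cache is not fatal.
                logger.info(
                    'Failed to convert OCSP cache server response to '
                    'JSON. The cache was corrupted. No worry. It will '
                    'validate with OCSP server: %s', err)
        else:
            logger.info(
                "Failed to get OCSP response cache from %s: %s",
                url, response.status_code)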
def make_requests_session(self):
    """
    Build a fresh ``requests.Session`` with retrying adapters mounted.

    A separate ``HTTPAdapter(max_retries=REQUESTS_RETRY)`` is mounted for
    each of the ``http://`` and ``https://`` prefixes, and a private
    ``_reuse_count`` attribute holding an ``itertools.count()`` iterator is
    attached to the session object. ``self`` is not read.

    :return: the configured ``requests.Session``.
    """
    session = requests.Session()
    for prefix in (u'http://', u'https://'):
        session.mount(prefix, HTTPAdapter(max_retries=REQUESTS_RETRY))
    session._reuse_count = itertools.count()
    return session